From: Scott Worley Date: Fri, 3 Aug 2012 16:02:45 +0000 (-0700) Subject: Keep server timestamps for all copies X-Git-Url: http://git.scottworley.com/reliable-chat/commitdiff_plain/705e26cf257d96a76dca724d8cd1c21b9f32d3f9 Keep server timestamps for all copies Note: This allows a replay attack where a malicious user can cause a message to appear to be sent later than it was by re-sending it. I'm not going to worry about any of these types of issues until the crypto is in place, which will guard against most of them. --- diff --git a/webclient/rc.html b/webclient/rc.html index 8094f41..7517d14 100644 --- a/webclient/rc.html +++ b/webclient/rc.html @@ -86,6 +86,7 @@ // Time: The server timestamp of the first copy to arrive // ID: Some unique string for deduping // Text: The text of the message + // ServerTimes: server -> timestamp // UI: The DOM node for this message in the UI function rcnick() { @@ -149,7 +150,10 @@ var m = messages[i]; m.Time = new Date(m.Time); var seen_key = make_seen_key(m.ID, m.Text); - if (!(seen_key in seen)) { + if (seen_key in seen) { + seen[seen_key].ServerTimes[server] = m.Time; + } else { + m.ServerTimes = {server: m.Time}; seen[seen_key] = m; rcaddmessagetohistory(m); for (var i in servers) {